In August last year, we announced our commitment to comply with Europe’s new General Data Protection Regulation (GDPR), which applies to users in the EEA. GDPR takes effect on May 25th and we are committed to working with you to make this transition as smooth as possible. This Help Center article provides more details about how we are supporting you with the changes GDPR brings.

Controller responsibilities

Across our publisher suite (DoubleClick for Publishers (DFP), DoubleClick Ad Exchange, AdMob, and AdSense), both you and Google operate as independent controllers of personal data. We operate as a controller because we regularly make decisions on the data to deliver and improve the product — for example, testing ad serving algorithms, monitoring end-user latency, and ensuring the accuracy of our forecasting system. Additionally, we use data to deliver relevant and high-performing ads in features like Optimized Pricing in the open auction. Find out more about how we process data in DFP and Ad Exchange here.

The designation of Google’s publisher products as controller does not give Google any additional rights over data derived from a publisher’s use of those products. Google’s uses of data continue to be controlled by the terms of its contract with its publishers, and any feature-specific settings chosen by a publisher through the user interface of our products.

You are not required to seek consent for a user’s activity on Google’s sites (we obtain that ourselves when users visit our sites). We are asking only that you seek consent for your uses of our ads products on your properties. We already require that certain consents are obtained from your users in the EEA, and we are updating those requirements in line with the GDPR. We encourage you to link to this user-facing page explaining how Google manages data in its ads products. Doing so will meet the requirement of our EU User Consent Policy to give your users information about Google’s uses of their personal data.

Consent support

The GDPR introduces significant new obligations for the ecosystem (see GDPR legal and regulatory guidance references below), and the changes we announced last month to our EU User Consent Policy reflect this. We have updated our Help Page for the EU User Consent Policy to address questions we have received from our customers.

We are providing a range of optional tools to help you with gathering user consent across your websites and apps, including:

Control over ads personalization

We are also providing new publisher controls for ads personalisation. In mid-May, we will launch:

Ad Technology Provider Controls (DFP Help Center, AdMob Help Center, AdSense Help Center) to give you the ability to select which partners you want to measure and serve ads for EEA users on your sites and apps when inventory is sold via programmatic channels, including Programmatic Guaranteed. You can select your preferred partners from a list of companies that have provided us with information about their compliance with the GDPR - all of whom also have to comply with our data usage policy to help protect your users’ data. (Measurement and ad technology partners who have not yet provided this information should reach out to 3p-cert@google.com).

DFP Reservation Line Item Controls (DFP Help Center) enable you to select which tag-based line items you want to serve to EEA users in personalized and/or non-personalized mode.

A Non-Personalized Ads solution (DFP Help Center, AdMob Help Center, AdSense Help Center) allows you to present EEA users with a choice between personalized ads and non-personalized ads (or to choose to serve only non-personalized ads to all users in the EEA). Non-Personalized Ads only use contextual information, including coarse general (city-level) location. ​

Although these ads don’t use cookies for ad personalisation, they do use cookies to allow for frequency capping, aggregated ad reporting, and to combat fraud and abuse. Consent is therefore required to use cookies for those purposes from users in countries to which the ePrivacy Directive’s cookie provisions apply.

GDPR legal and regulatory guidance references

For more information about the GDPR and its application to digital publishers and advertising: